A senior US official has met with European Commission staff in Brussels to share views on the overhaul of EU data protection rules and to assuage fears in Europe about a lack of robustness in the US privacy enforcement regime.

Julie Brill, who sits on the Federal Trade Commission (FTC), was the first to come to Brussels directly to address the EU's pending proposal for a data protection regulation.

The issue has sparked keen interest and concern amongst US business groups (see background) and Brill’s meeting on 18 April represented the first formal US government consultation with the EU executive on the issue.

Brill was appointed to the FTC – a key US data privacy regulator and policymaker – by President Barrack Obama in 2010, and told EurActiv that she had an effective international liaison role with the FTC and therefore would be a point of contact for the US on the new rules.

She told journalists after the meeting that one of the reasons for her visit was to counter the impression of a “lack of understanding about how robust the US [privacy] regime actually is, and how much enforcement work we do, and how strong the laws are that we do have, and how active our agency is in enforcement.”

We are tough on data protection, says FTC

Describing privacy as “mission critical” for the FTC, Brill cited the agency’s implementation of the Children’s Online Privacy Protection Act, and issuance of 20-year ‘consent orders’ against internet giants such as Facebook, Google, MySpace and Twitter as evidence of ‘aggressive’ enforcement.

The consent orders require the internet companies to be audited every second year to ensure they are in line with privacy rules.

“We at the FTC share many of the same goals that are embedded in the proposed [EU] regulation,” Brill said.

Many of the concepts within it – including privacy by design, greater transparency, data security, accountability and codes of conduct – are also reflected in current US thinking about privacy, the commissioner said.

“I wanted to make sure that the language will allow us to continue to co-operate robustly through the ‘safe harbour’, we want to make sure that we have the means to co-operate on international privacy enforcement, and to do it robustly,” said Brill.

The ‘safe harbour’ framework enables European firms prohibited from transferring personal data to overseas jurisdictions with different privacy laws, to do so where the receiving companies agree to abide by so-called 'safe harbour' principles.

“We wanted to assure them that there are appropriate systems in place, that the 'safe harbour' can be enforced,” Brill said.

US concerns

Saying the the EU and US had "compared notes on what works and what doesn’t work with enforcement," Brill also alluded to some differences of opinion.

“Our role is a consultative role and in that context on data breach notification, requiring a company to give a breach notification to the regulator within a very short time frame can be problematic,” she said, referring to the draft proposals.

Brill explained that where criminal investigations are pending, it may be necessary to take police action, or sometimes to allow the offence to continue as a way of trapping fraudsters, before regulators are notified.

Another concern she highlighted related to enforceable codes of conduct. Brill said that the FTC had a lot of experience with the operation of such codes, and believed that voluntary schemes supervised by delegated authorities could be more effective than a more prescriptive legal approach.

Asked to what extent data protection issues might play a part in the current negotiations surrounding negotiation of a US-EU trade agreement, Brill said that she was not in a position to say, since such negotiations were a matter for the US government.

Background

The European Commission published in January 2012 a broad legislative package aimed at safeguarding personal data across the EU.

The reform is of particular interest to countries like the United States, whose companies may have to abide by stricter provisions to do business in Europe. But intense lobbying from the United States in part watered down the draft legislation.

The overhaul of data protection rules proposed by Viviane Reding, the European Commission vice president in charge of fundamental rights, was substantially modified before it was published, following a heated debate within the EU executive.

Many lobbies tried to soften the rules concerning the newly introduced 'right to be forgotten,' enabling users to delete personal information that they no longer want to share with banks, online booking websites or social media.

Timeline

2013: Updated data protection rules continue to be negotiated by European Parliament and European Council

Comments

Leave a Reply

Maybe she should rather visit US companies and tell them that they don’t make the rules over here and that Brussels is not Washington. When you are in a foreign jurisdiction you are supposed to respect governance by the people, look at how domestic companies behave and adapt, having in mind that your corporation is a visitor here, not a stakeholder. Data Protection has nothing to do with free trade but it can’t be so difficult for the US to abide to the rules developed by 27 other sovereign nations jointly, rather than making so much fuzz. All the US… Read more »

0

| Hide Replies ∧

Anonymous

23/04/2013 16:32

What European companies are you referring to? Last time I checked there wasn’t a European Google or Facebook or YouTube or Yahoo or Microsoft.

I am also curious to know what you think about all those jobs that American companies have created in Europe. I’m pretty sure that a European or two has made a descent living off of one of the many US tech giants in Europe.

Do you use Google? Yeah, I thought so. … but then again, maybe I am just an ignorant American.

0

| Hide Replies ∧

Anonymous

23/04/2013 16:34

*decent – my apologies for the error

0

| Hide Replies ∧

Anonymous

23/04/2013 17:12

If I am not mistaken Kate, that is because of the EU open market strategy. China, Russia, they all have their own brands. We believe in open markets, we build our single market, we don’t compromise quality of service of US brands as the Chinese do. It is the European Commission which spearheads the struggle for net neutrality. In Europe the peoples of Europe set the rules for our markets. As citizens we expect our governments to respect our fundamental rights and defend our values. It is not upon foreign or domestic companies to compromise our fundamental rights. Privacy is… Read more »

0

| Hide Replies ∧

Anonymous

23/04/2013 22:24

The US doesn’t really have privacy or Data Protection explicitly written into law, and its management of what is essentially a Human Right has been abysmal – organisations such as Facebook and Google have come to consider the small cost of privacy fines the cost of doing business instead of a reason to correct behaviour, which has left Europe as the last (slowly faltering) bastion of personal privacy, with MASSIVE lobbying thrown at especially Brussels to prevent actual enforcement of the law. There are reports aplenty of Safe Habor not being Safe or Harbor at all, as a plethora of… Read more »

0

| Hide Replies ∧

Anonymous

29/04/2013 05:03

From a U.S. citizen.

it is sad that now a days, it is the U.S. lobbying against the right of privacy, and the right to be left alone. The U.S. was founded because people wanted to flee oppression in europe. Now, in many areas, the tables are turned and it is the U.S. which is a police state.

0

| Hide Replies ∧

Anonymous

29/04/2013 05:24

records are availiable toeveryone, and the U.S. portects the corporations data bases. Can be arrested for the slightest thing, and even if the charges are dropped, records follow you and you always have to explain your self – guilty until pardoned. Sex offender registrys on most states include those who have to go WeeWee behind a tree because there is no bathroom. many states have manditory arrest policies for husband and wife who have a food fight (domestic violance) whenever the G8 comes rights of citizens to protest are totally disregarded. Animale enterprise terrorism – people are treated as terrorists… Read more »

0

| Hide Replies ∧

Anonymous

29/04/2013 05:32

The U.S. is no longer the land of the free and the home of the brave. We have deterioted into a nation of cowards residing in a corporate controlled police state. many of our citizens are seeking freedom someplace else. some say love it or leave it, but the United States left me. In the last 4 decades that I remember, I have seen so many freedoms lost, so many of our rights lost, and so many people don’T care, don’T remember, or don’T notice. whats even scarier are the latest proposals of our congressmen and past and current president.

0

| Hide Replies ∧

Anonymous

03/05/2013 16:11

The Council of European Professional Informatics Societies (CEPIS) represents 35 National Informatics Societies across greater Europe. We support the statement “Data Protection in Europe” released by European academics and as the leading voice of European ICT Professionals we believe that the following issues should also be taken into account in this important debate on data protection: ?The use of pseudonyms, anonymous or encrypted data are useful technical instruments to prevent the direct identification of individuals. However they can always be bypassed and hence are not a replacement for data protection by regulation or as a reason to lower the level… Read more »

0

| Hide Replies ∧

Anonymous

04/05/2013 21:28

It is disgraceful how the US government and US corporations are successfully dismantling the privacy rights of European citizens. Shame on the MEPs who are assisting them in this.

0

| Hide Replies ∧

Anonymous

05/05/2013 12:18

I’m working on the rights of children in this context as well. COPPA is better renamed COPOUT (Child Online Privacy Onerous and Useless Terms) because it justifies processing data of individuals who are for legal purposes considered minors for profit, without control, means, say so or ability of parents and legal guardians to protect them.

Kindly stop walking around this elephant. I have some solutions already – happy to discuss collaboration.